Without trying to give too much away…
Look at the characters you can enter without stopping the script from progressing. Then take advice that’s already been said, try to fuzz the input, but not necessarily with many characters.
Let the script finish and pay attention to the error messages.
You will get different errors based on your input. Once you get that it should be pretty clear.
Without trying to give too much away…
Look at the characters you can enter without stopping the script from progressing. Then take advice that’s already been said, try to fuzz the input, but not necessarily with many characters.
Let the script finish and pay attention to the error messages.
You will get different errors based on your input. Once you get that it should be pretty clear.
ok so I have a shell but everything on this box is owned by root except the user ***y and my shell dropped me in as user ***che. Im hitting nothing but walls. Anyone have any friendly advice?
So I was in uploads folder and saw some weird uploads by people who dont know how to upload the first shell. I just saw a file name having ‘XSS’ in it. Stop the trial and error and go google file upload vulnerabilty. There are 4-5 methods and practise and try all of them. I am now attempting user. Folks who are complete beginners can pm me if you need help.
I think we are supposed to use exiftool for uploading the image?
I recommend you and everyone stuck on the initial shell to keep it simple. There is a very trivial procedure to inject a payload into an image file and it works on this machine. Also, to be on the safe side, consider using one of the images which are already uploaded to the gallery by localhost to avoid eventual size and format restrictions.
Hi, thank for the tips. I used one of the image in the i***s folder and put my reverse shell in it. Uploaded it successfully but when i refresh the gallery i can’t see it. I’ve got one of my console in listening mode (nc -lvp 1234), but nothing happens…
Struggling to root for a while now, I have got the user but I’m not able to get the reverse shell as guly, instead, I get the reverse shell as apache. What I’m doing wrong?, Anyone willing to lend a hand to fellow HTBan.
Struggling to root for a while now, I have got the user but I’m not able to get the reverse shell as guly, instead, I get the reverse shell as apache. What I’m doing wrong?, Anyone willing to lend a hand to fellow HTBan.
Struggling to root for a while now, I have got the user but I’m not able to get the reverse shell as guly, instead, I get the reverse shell as apache. What I’m doing wrong?, Anyone willing to lend a hand to fellow HTBan.
So I was able to get the initial shell triggered simply. Though reading through this c_a.php file I have no idea what I am looking at. Not great with PHP but it seems you don’t have to be. I must be missing something obvious as usual. Anyone wants to PM a nudge would be helpful
Edit: wow yeah I was totally missing something obvious,. thanks for the tips. now for root.
Okay root was easy once you know the exploit which is not hard to find when you see what the script is doing.
Need a nudge for user… I can see the user.txt file, but cant read it. I see c****_a*****.php. Is that needed in any way ? What does touch have to do with all this ? thanks